A sponsored Google ad posing as a link to Sony’s blockchain project, Soneium, has been exposed as a cleverly disguised crypto wallet drainer, according to blockchain security firm Scam Sniffer.
In an October 22 post on X, the firm detailed that a search for “soneium” on Google led users to a phishing site designed to steal crypto assets.
Scam Sniffer revealed that the ad linked to a website whose domain name resembled that of Soneium’s official site and which appeared to be a legitimate yet unfinished landing page for a radiology service based in the UK.
Deceptive Site Contains Hidden Wallet Drainer
The deceptive site contained a hidden wallet drainer, ready to exploit unsuspecting visitors.
“It’s easy to fall victim to phishing when you’re not paying close attention, especially if you mistype ‘Soneium’ as ‘Someium’,” Scam Sniffer explained.
The firm also noted that the website creators used sophisticated techniques to evade detection by Google, making it difficult for the search engine to flag the malicious ad.
Soneium is an Ethereum layer-2 blockchain developed by Sony Block Solutions Labs, a joint venture between Sony and blockchain firm Startale Labs. The platform launched its testnet in August.
The latest incident follows a report from Scam Sniffer earlier this month that revealed over $46 million in crypto was stolen from more than 10,800 phishing victims in September alone.
In the third quarter of 2024, over $127 million in crypto assets were stolen, with Ether wallets being the prime targets in these phishing attacks.
Fake Wallet App Steals $70K in Crypto
In another incident, a fraudulent cryptocurrency wallet app on Google Play has reportedly stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.
The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.
The app deceived over 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.
The scammers behind the app were well aware of the typical challenges faced by web3 users, such as compatibility issues and the lack of widespread support for WalletConnect across different wallets.
They cleverly marketed the fraudulent app as a solution to these problems, taking advantage of the absence of an official WalletConnect app on the Play Store.
As reported, scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.
This comes on the heels of another malware threat identified in August.
The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.